ANNEX A Arguments on difference between Kohl and present invention

This is a final effort to highlight the differences between the mechanism taught by Kohl
and the own mechanism.



All database tables consist of columns and rows. Here is an example of a table
containing data about homes.


Row | Name          | Owner (key) | Active | Internal notes
----+---------------+-------------+--------+------------------------------
1   | Blue eagle    | 37          | yes    | Will be repainted this summer
2   | sunset        | 68          | no     | Old-fashioned furniture
3   | Indian summer | 68          | yes    |


Now consider authorizations. There are 2 types of authorizations:

• Column authorizations

A user may be authorized to read certain columns only. For example, a user is
allowed to see all columns, except the Internal notes column.

• Row authorizations

A user may be authorized to read certain rows. For example, a user is allowed to
read row 1, but not rows 2 and 3.

(Naturally, we can also consider the combination of these two types, but that is not
necessary for this plea.)

Let's focus on the differences between these two types of authorizations. 

Column authorizations can be defined for certain user groups. An automated system
can apply these authorizations without looking at the data in the table. Data about the
individual user is also not needed. The automated system always applies the
authorizations without knowing the actual data.

Row authorizations can be basic and complex. 

• Basic row authorizations

These authorizations can also be defined for certain user groups and are based
on a filter, like "active = yes". This means that certain users (e.g. visitors of a
website) are only allowed to see houses which are active. The automated system
needs the data in the table, but does not need data about the individual user.

• Extended row authorizations

These authorizations use an actual relationship between the data in the table and
the data of the user. In this example, users are only allowed to see data of their
own houses. Suppose a user has key value 37. A look at the table shows that this
person is the owner of home 'Blue eagle'. This means that this user is only
allowed to see the data of row 1. Since the user does not own the other houses,
this user is not allowed to read the data in the other rows. In this case we talk
about own permissions.

To summarize, column authorizations never have a relation to actual data and are
defined for groups of users, not for individual users. Once set, they are static and they
remain static. Row authorizations are more dynamic. Basic row authorizations
depend on actual data in the table, while extended row authorizations depend on
actual data in the table and actual data of the particular user. The working principle of
the latter is very different: the automated system needs actual user data, and has to
compare this data with the data in the table in order to apply the authorizations
correctly.



Table authorizations

Column authorizations      | Basic row authorizations     | Extended (own) row authorizations
---------------------------+------------------------------+----------------------------------
No data needed from table  | Data needed from table       | Data needed from table
No data needed from user   | No data needed from user     | Data needed from user
---------------------------+------------------------------+----------------------------------
Static, simple             | Dynamic, simple              | Dynamic, extended
implementation             | implementation               | implementation
---------------------------+------------------------------+----------------------------------
Users in a user group get  | Users in a user group get a  | Individual users get a subset of
a subset of all columns    | subset of rows, based on     | rows based on relations between
                           | data in the table            | data in the table and data of the
                           |                              | individual user
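The three kinds of authorization summarized above, carried through in working code as an added example; it is not part of this annex, of the invention's own implementation, or of Kohl. It assumes a SQLite table with columns id, name, owner_key, active and internal_notes (column names chosen here; the annex only names the "Internal notes" and "active" columns), and the rows are constructed to match the homes table above. Column authorizations and basic row authorizations are looked up per group before any data is read; only the extended ("own") authorization needs the individual user's key, which is compared with the owner_key column of each row at query time.

```python
import sqlite3
from dataclasses import dataclass

# Constructed sample data mirroring the homes table in the annex.
HOMES = [
    (1, "Blue eagle", 37, 1, "Will be repainted this summer"),
    (2, "sunset", 68, 0, "Old-fashioned furniture"),
    (3, "Indian summer", 68, 1, ""),
]
ALL_COLUMNS = ("id", "name", "owner_key", "active", "internal_notes")

# Column authorizations: static, defined per group; neither table data nor
# user data is consulted. Visitors never see the Internal notes column.
COLUMN_AUTH = {
    "staff": ALL_COLUMNS,
    "visitor": ("id", "name", "owner_key", "active"),
    "owner": ALL_COLUMNS,
}

# Basic row authorizations: defined per group as a fixed filter over table
# data only (the annex's "active = yes" case for website visitors).
BASIC_ROW_AUTH = {
    "staff": "1 = 1",
    "visitor": "active = 1",
    "owner": "1 = 1",
}

# Extended ("own") row authorizations: the filter relates table data to the
# individual user's data, so it is bound to the user's key, not to a group.
EXTENDED_ROW_AUTH = {
    "owner": "owner_key = :user_key",
}


@dataclass(frozen=True)
class User:
    key: int      # the user's key value, e.g. 37 in the annex's example
    group: str    # "staff", "visitor" or "owner" (assumed group names)


def open_db():
    """Create an in-memory SQLite database holding the constructed homes table."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE homes (id INTEGER PRIMARY KEY, name TEXT, "
        "owner_key INTEGER, active INTEGER, internal_notes TEXT)"
    )
    conn.executemany("INSERT INTO homes VALUES (?, ?, ?, ?, ?)", HOMES)
    return conn


def build_query(user):
    """Combine the column, basic-row and extended-row authorizations for a user.

    Column names and group predicates come from fixed whitelists above, never
    from user input, so joining them into the SQL text is safe; the only
    user-supplied value (the key) is passed as a bound parameter.
    """
    cols = COLUMN_AUTH[user.group]
    predicates = [BASIC_ROW_AUTH[user.group]]
    params = {}
    if user.group in EXTENDED_ROW_AUTH:
        predicates.append(EXTENDED_ROW_AUTH[user.group])
        params["user_key"] = user.key
    sql = "SELECT %s FROM homes WHERE %s ORDER BY id" % (
        ", ".join(cols), " AND ".join(predicates))
    return sql, params


def visible_rows(conn, user):
    """Return the rows (as dicts) the user is authorized to read."""
    sql, params = build_query(user)
    cols = COLUMN_AUTH[user.group]
    return [dict(zip(cols, row)) for row in conn.execute(sql, params)]


if __name__ == "__main__":
    db = open_db()
    for u in (User(0, "visitor"), User(37, "owner"), User(68, "owner"), User(1, "staff")):
        print(u, "->", visible_rows(db, u))
```

Running the block shows the distinction the annex draws: the visitor's result set is fixed by the group alone (rows 1 and 3, without internal notes), while the two owners with keys 37 and 68 receive different rows from the same query template, which is only possible because the automated system compared each user's own key with the data in the table.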
We argue that Kohl only teaches column authorizations, and does not teach row
authorizations. Let's have a closer look at what Kohl teaches:

• present different salespeople with different sets of the columns (Column 7, line
53-54).

• Salespeople in an LA office may be presented with an "Orders" application
where the "Ship from" column is not visible (Column 7, line 55-57)

• Salespeople in the field may, however, be presented with an "Orders"
application where the "Ship from" column is available (Column 7, line 57-59)

In all examples Kohl only mentions columns. Kohl never mentions rows. Talking about
rows is essential to explain the own mechanism. Without talking about rows, Kohl
cannot refer to or explain the mechanism behind the own permission (not even in the
broadest interpretation).

Furthermore, Kohl never mentions individual users and authorizations based on their
personal data. Kohl only talks about groups of users. When only groups of users are
mentioned, the mechanism can never relate to the own method.